svn commit: r328706 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Sun Sep 29 15:07:17 UTC 2013
Author: bdrewery
Date: Sun Sep 29 15:07:15 2013
New Revision: 328706
URL: http://svnweb.freebsd.org/changeset/ports/328706
Log:
- Copy base r251088 over (which removes a patch) and disable default sandbox
privilege separation as it causes crashes when using AES crypto devices.
This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
default
Reminded by: Garrett Wollman
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/patch-servconf.c
head/security/openssh-portable/files/patch-sshd_config
head/security/openssh-portable/files/patch-sshd_config.5
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Sun Sep 29 14:55:52 2013 (r328705)
+++ head/security/openssh-portable/Makefile Sun Sep 29 15:07:15 2013 (r328706)
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 6.2p2
-PORTREVISION= 3
+PORTREVISION= 4
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD}
Modified: head/security/openssh-portable/files/patch-servconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-servconf.c Sun Sep 29 14:55:52 2013 (r328705)
+++ head/security/openssh-portable/files/patch-servconf.c Sun Sep 29 15:07:15 2013 (r328706)
@@ -39,12 +39,3 @@
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 0;
if (options->challenge_response_authentication == -1)
-@@ -335,7 +339,7 @@
- options->version_addendum = xstrdup("");
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
-- use_privsep = PRIVSEP_NOSANDBOX;
-+ use_privsep = PRIVSEP_ON;
-
- #ifndef HAVE_MMAP
- if (use_privsep && options->compression == 1) {
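Review bot: dropping the `use_privsep = PRIVSEP_ON;` override under `if (use_privsep == -1)` changes the compiled-in default back to `PRIVSEP_NOSANDBOX`, so every install without an explicit UsePrivilegeSeparation line loses the sandbox on upgrade with no notice to the administrator. The log ties the crashes to AES crypto devices only, so please add an upgrade note (UPDATING or pkg-message) stating that the default changed and that hosts without such devices can set `UsePrivilegeSeparation sandbox` explicitly.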
Modified: head/security/openssh-portable/files/patch-sshd_config
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config Sun Sep 29 14:55:52 2013 (r328705)
+++ head/security/openssh-portable/files/patch-sshd_config Sun Sep 29 15:07:15 2013 (r328706)
@@ -72,7 +72,7 @@
#TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
-+#UsePrivilegeSeparation sandbox
++#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
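Review bot: the sample config now shows only `#UsePrivilegeSeparation yes`, and the context line shows the patch still deleting upstream's active `UsePrivilegeSeparation sandbox # Default for new installations.`, so nothing in the shipped file tells an administrator that `sandbox` is an accepted value. Suggest keeping a short trailing comment on the new line that names `sandbox` as the stricter setting that can be enabled by hand.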
Modified: head/security/openssh-portable/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5 Sun Sep 29 14:55:52 2013 (r328705)
+++ head/security/openssh-portable/files/patch-sshd_config.5 Sun Sep 29 15:07:15 2013 (r328706)
@@ -79,15 +79,6 @@
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
-@@ -1157,7 +1183,7 @@
- The goal of privilege separation is to prevent privilege
- escalation by containing any corruption within the unprivileged processes.
- The default is
--.Dq yes .
-+.Dq sandbox .
- If
- .Cm UsePrivilegeSeparation
- is set to
@@ -1182,7 +1208,7 @@
or
.Dq no .
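Review bot: removing the `.Dq sandbox .` override puts the "The default is" sentence under `.It Cm UsePrivilegeSeparation` back to `.Dq yes .`, which matches the servconf.c change, but the man page then has no record of why this port stopped defaulting to the sandbox. Consider adding a port-specific sentence here saying that `sandbox` is not the default because of the crashes with AES crypto devices mentioned in the log, so readers know when it is safe to turn it on.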